I have Sitecore 8.2 with SXA, I need to change page status code in case user is not login, but try to open some pages only for login users.
Basically Sitecore works ok, I could be redirected to login page depending on settings and etc.
but the question is next why Sitecore return 302 status code ? How to change it to 403 at most proper way?

1 Answer
1

Sitecore does not set error status codes properly. The code handling no access redirect is done on the method RedirectOnNoAccess of the processor Sitecore.Pipelines.HttpRequest.ExecuteRequest, Sitecore.Kernel.

SXA sets the header for NotFound and InternalServerError, but not for Forbidden. This is done via processor Sitecore.XA.Feature.ErrorHandling.Pipelines.HtpRequestProcessed.SetStatusCode. Use a decompiler to see the code.

You could override RedirectOnNoAccess to set Context.Items["httpStatus"] to HttpStatusCode.Forbidden and then override the Process method on SetStatusCode so the switch included a check for HttpStatusCode.Forbidden and sets the StatusCode to 403.

Thanks @josedbaez in general this is good solution. But now browser return object move here message instead of sitecore page. Do you know what to do ? Redirect at web config not help
– ArbejdsglædeJan 16 at 16:35

Can you check browser console and see the URL? Is it correct?
– josedbaezJan 16 at 17:00

yes I see only requested page with status 403
– ArbejdsglædeJan 16 at 19:17

Problem might be that IIS is not letting the request through :S. You might need to play around with other Response settings. Try adding Response.TrySkipIisCustomErrors = true; or adding a substatuscode
– josedbaezJan 16 at 23:20

@josedbaex hard to do it :) not works for me in any way but any way thanks for help
– ArbejdsglædeJan 17 at 8:59